Cryptography Based on Correlated Data: Foundations and Practice

Correlated data can be very useful in cryptography. For instance, if a uniformly random key is available to Alice and Bob, it can be used as an one-time pad to transmit a message with perfect security. With more elaborate forms of correlated data, the parties can achieve even more complex cryptographic tasks, such as secure multiparty computation. This thesis explores (from both a theoretical and a practical point of view) the topic of cryptography based on correlated data

Generic Construction of UC-Secure Oblivious Transfer

We show how to construct a completely generic UC-secure oblivious transfer scheme from a collision-resistant chameleon hash scheme (CH) and a CCA encryption scheme accepting a smooth projective hash function (SPHF). Our work is based on the work of Abdalla et al. at Asiacrypt 2013, where the authors formalize the notion of SPHF-friendly commitments, i.e. accepting an SPHF on the language of valid commitments (to allow implicit decommitment), and show how to construct from them a UC-secure oblivious transfer in a generic way. But Abdalla et al. only gave a DDH-based construction of SPHF-friendly commitment schemes, furthermore highly relying on pairings. In this work, we show how to generically construct an SPHF-friendly commitment scheme from a collision-resistant CH scheme and an SPHF-friendly CCA encryption scheme. This allows us to propose an instantiation of our schemes based on the DDH, as efficient as that of Abdalla et al., but without requiring any pairing. Interestingly, our generic framework also allows us to propose an instantiation based on the learning with errors (LWE) assumption. For the record, we finally propose a last instantiation based on the decisional composite residuosity (DCR) assumption

Universally Composable Oblivious Transfer Protocol based on the RLWE Assumption

We use an RLWE-based key exchange scheme to construct a simple and efficient post-quantum oblivious transfer based on the Ring Learning with Errors assumption. We prove that our protocol is secure in the Universal Composability framework against static malicious adversaries in the random oracle model. The main idea of the protocol is that the receiver and the sender interact using the RLWE-based key exchange in such a way that the sender computes two keys, one of them shared with the receiver. It is infeasible for the sender to know which is the shared key and for the receiver to get information about the other one. The sender encrypts each message with each key using a symmetric-key encryption scheme and the receiver can only decrypt one of the ciphertexts. The protocol is extremely efficient in terms of computational and communication complexity, and thus a strong candidate for post-quantum applications

DNSSEC -- authenticated denial of existence : understanding zone enumeration

Over the years DNS has proved to be an integral part of the internet infracstructure. For our purposes, DNS is simply a large scale distributed database that maps human-readable domain names to network recognizable IP addresses. Unfortunately, authenticity of responses was not integral to the initial DNS design. This lead to the possibility of a very practical forgery of responses as displayed by Kaminsky's cache poisoning attacks. DNSSEC is primarily designed as a security extension of DNS, that guarantees authenticity of DNS responses. To answer invalid queries in an authenticated manner, DNSSEC initially employed the NSEC records. To its credit, NSEC allowed nameservers to precompute signatures for such negative responses offline. As a result, NSEC is highly scalable while preserving the authenticity/correctness of responses. But, while doing so, NSEC leaks domains from nameserver's zone. This is called zone enumeration. To counter zone enumeration, NSEC3 was deployed. It is a hashed authenticated denial of existence of mechanism,i.e., it reveals the hashes of the zones in a domain. NSEC3 yet allows offline signatures, and is scalable like NSEC. Unfortunately, hashes are vulnerable to dictionary attacks a property exploited by conventional NSEC3 zone enumeration tool, e.g., nsec3walkertool. This leads us to investigate the possibility of constructing an authenticated denial of existence of mechanism which yet allows offline cryptography. To do so, we first define the security goals of a "secure" DNSSEC mechanism in terms of an Authenticated Database System (ADS) with additional goals of privacy, that we define. Any protocol that achieves these goals, maintains the integrity of DNSSEC responses and prevents zone enumeration. We then show that any protocol that achieves such security goals, can be used to construct weak signatures that prevent selective forgeries. This construction, though a strong indication, doesn't confirm the impossibility of generating proofs offline. To confirm that such proofs aren't possible offline, we show attacks of zone enumeration on two large classes of proofs. The provers/responders in this case either repeat proofs non-negligibly often or select proofs as subsets from a pre-computed set of proof elements. The attackers we present use a dictionary of all elements that are likely to occur in the database/zone. The attackers prune the said dictionary to obtain the set of all elements in the database (along with a few additional elements that are erroneously classified to be in the database). These attackers minimize the number of queries made to such responders and are loosely based on the paradigm of Probably Approximately Correct learning as introduced by Valiant

Combining Shamir & Additive Secret Sharing to Improve Efficiency of SMC Primitives Against Malicious Adversaries

Secure multi-party computation provides a wide array of protocols for mutually distrustful parties be able to securely evaluate functions of private inputs. Within recent years, many such protocols have been proposed representing a plethora of strategies to securely and efficiently handle such computation. These protocols have become increasingly efficient, but their performance still is impractical in many settings. We propose new approaches to some of these problems which are either more efficient than previous works within the same security models or offer better security guarantees with comparable efficiency. The goals of this research are to improve efficiency and security of secure multi-party protocols and explore the application of such approaches to novel threat scenarios. Some of the novel optimizations employed are dynamically switching domains of shared secrets, asymmetric computations, and advantageous functional transformations, among others. Specifically, this work presents a novel combination of Shamir and Additive secret sharing to be used in parallel which allows for the transformation of efficient protocols secure against passive adversaries to be secure against active adversaries. From this set of primitives we propose the construction of a comparison protocol which can be implemented under that approach with a complexity which is more efficient than other recent works for common domains of interest. Finally, we present a system which addresses a critical security threat for the protection and obfuscation of information which may be of high consequence.Comment: arXiv admin note: text overlap with arXiv:1810.0157

Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer

Protocols for secure two-party computation enable a pair of parties to compute a function of their inputs while preserving security properties such as privacy, correctness and independence of inputs. Recently, a number of protocols have been proposed for the efficient construction of two-party computation secure in the presence of malicious adversaries (where security is proven under the standard simulation-based ideal/real model paradigm for defining security). In this paper, we present a protocol for this task that follows the methodology of using cut-and-choose to boost Yao\u27s protocol to be secure in the presence of malicious adversaries. Relying on specific assumptions (DDH), we construct a protocol that is significantly more efficient and far simpler than the protocol of Lindell and Pinkas (Eurocrypt 2007) that follows the same methodology. We provide an exact, concrete analysis of the efficiency of our scheme and demonstrate that (at least for not very small circuits) our protocol is more efficient than any other known today

Algebraic Frameworks for Cryptographic Primitives

A fundamental goal in theoretical cryptography is to identify the conceptually simplest abstractions that generically imply a collection of other cryptographic primitives. For symmetric-key primitives, this goal has been accomplished by showing that one-way functions are necessary and sufficient to realize primitives ranging from symmetric-key encryption to digital signatures. By contrast, for asymmetric primitives, we have no (known) unifying simple abstraction even for a few of its most basic objects. Moreover, even for public-key encryption (PKE) alone, we have no unifying abstraction that all known constructions follow. The fact that almost all known PKE constructions exploit some algebraic structure suggests considering abstractions that have some basic algebraic properties, irrespective of their concrete instantiation. We make progress on the aforementioned fundamental goal by identifying simple and useful cryptographic abstractions and showing that they imply a variety of asymmetric primitives. Our general approach is to augment symmetric abstractions with algebraic structure that turns out to be sufficient for PKE and much more, thus yielding a “bridge” between symmetric and asymmetric primitives. We introduce two algebraic frameworks that capture almost all concrete instantiations of (asymmetric) cryptographic primitives, and we also demonstrate their applicability by showing their cryptographic implications. Therefore, rather than manually building different cryptosystems from a new assumption, one only needs to build one (or more) of our simple structured primitives, and a whole host of cryptosystems immediately follows.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/166137/1/alamati_1.pd

Distributed Query Execution With Strong Privacy Guarantees

As the Internet evolves, we find more applications that involve data originating from multiple sources, and spanning machines located all over the world. Such wide distribution of sensitive data increases the risk of information leakage, and may sometimes inhibit useful applications. For instance, even though banks could share data to detect systemic threats in the US financial network, they hesitate to do so because it can leak business secrets to their competitors. Encryption is an effective way to preserve data confidentiality, but eliminates all processing capabilities. Some approaches enable processing on encrypted data, but they usually have security weaknesses, such as data leakage through side-channels, or require expensive cryptographic computations. In this thesis, we present techniques that address the above limitations. First, we present an efficient symmetric homomorphic encryption scheme, which can aggregate encrypted data at an unprecedented scale. Second, we present a way to efficiently perform secure computations on distributed graphs. To accomplish this, we express large computations as a series of small, parallelizable vertex programs, whose state is safely transferred between vertices using a new cryptographic protocol. Finally, we propose using differential privacy to strengthen the security of trusted processors: noise is added to the side-channels, so that no adversary can extract useful information about individual users. Our experimental results suggest that the presented techniques achieve order-of-magnitude performance improvements over previous approaches, in scenarios such as the business intelligence application of a large corporation and the detection of systemic threats in the US financial network

Physical-Layer Security, Quantum Key Distribution and Post-quantum Cryptography

The growth of data-driven technologies, 5G, and the Internet place enormous pressure on underlying information infrastructure. There exist numerous proposals on how to deal with the possible capacity crunch. However, the security of both optical and wireless networks lags behind reliable and spectrally efficient transmission. Significant achievements have been made recently in the quantum computing arena. Because most conventional cryptography systems rely on computational security, which guarantees the security against an efficient eavesdropper for a limited time, with the advancement in quantum computing this security can be compromised. To solve these problems, various schemes providing perfect/unconditional security have been proposed including physical-layer security (PLS), quantum key distribution (QKD), and post-quantum cryptography. Unfortunately, it is still not clear how to integrate those different proposals with higher level cryptography schemes. So the purpose of the Special Issue entitled “Physical-Layer Security, Quantum Key Distribution and Post-quantum Cryptography” was to integrate these various approaches and enable the next generation of cryptography systems whose security cannot be broken by quantum computers. This book represents the reprint of the papers accepted for publication in the Special Issue

Variable Bias Coin Tossing

Alice is a charismatic quantum cryptographer who believes her parties are unmissable; Bob is a (relatively) glamorous string theorist who believes he is an indispensable guest. To prevent possibly traumatic collisions of self-perception and reality, their social code requires that decisions about invitation or acceptance be made via a cryptographically secure variable bias coin toss (VBCT). This generates a shared random bit by the toss of a coin whose bias is secretly chosen, within a stipulated range, by one of the parties; the other party learns only the random bit. Thus one party can secretly influence the outcome, while both can save face by blaming any negative decisions on bad luck. We describe here some cryptographic VBCT protocols whose security is guaranteed by quantum theory and the impossibility of superluminal signalling, setting our results in the context of a general discussion of secure two-party computation. We also briefly discuss other cryptographic applications of VBCT.Comment: 14 pages, minor correction